Overview#
When using Microsoft Active Directory and LDAP WILL_NOT_PERFORM LDAP Result Codes could maybe returned.
LDAP Code | HEX | SvcErr | Problem | Reference |
053 | 0x0000052D | DSID-031A0FC0 | 5003 | ERROR_PASSWORD_RESTRICTION |
51C | 1308 | INVALID_PRIMARY_GROUP | This security ID may not be assigned as the primary groupof an object |
51D | 1309 | NO_IMPERSONATION_TOKEN | An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client |
51E | 1310 | CANT_DISABLE_MANDATORY | The group may not be disabled |
51F | 1311 | NO_LOGON_SERVERS | There are currently no logon servers available to service the logon request |
520 | 1312 | NO_SUCH_LOGON_SESSION | A | specifieD | logon session does not exist. It may already havE | been terminated |
521 | 1313 | NO_SUCH_PRIVILEGE | A | specifieD | privilegE | does not exist |
522 | 1314 | PRIVILEGE_NOT_HELD | A | requireD | privilegE | is not helD | by thE | client |
523 | 1315 | INVALID_ACCOUNT_NAME | ThE | namE | provideD | is not A | properly formeD | account name |
524 | 1316 | USER_EXISTS | The specified user already exists |
525 | 1317 | NO_SUCH_USER | ThE | specifieD | user does not exist |
526 | 1318 | GROUP_EXISTS | ThE | specifieD | group already exists |
527 | 1319 | NO_SUCH_GROUP | ThE | specifieD | group does not exist |
528 | 1320 | MEMBER_IN_GROUP | Either thE | specifieD | user account is already A | member oF | thE | specifieD | group, or thE | specifieD | group cannot bE | deleteD | becausE | it contains A | member |
529 | 1321 | MEMBER_NOT_IN_GROUP | ThE | specifieD | user account is not A | member oF | thE | specifieD | group account |
52A | 1322 | LAST_ADMIN | ThE | last remaining administration account cannot bE | disableD | or deleted |
52B | 1323 | WRONG_PASSWORD | UnablE | to updatE | thE | password. ThE | valuE | provideD | as thE | current passworD | is incorrect |
52C | 1324 | ILL_FORMED_PASSWORD | UnablE | to updatE | thE | password. ThE | valuE | provideD | for thE | new passworD | contains values that arE | not alloweD | in passwords |
52D | 1325 | PASSWORD_RESTRICTION | UnablE | to updatE | thE | password. ThE | valuE | provideD | for thE | new passworD | does not meet thE | length, complexity, or history requirement oF | thE | domain |
52E | 1326 | LOGON_FAILURE | Logon failure | unknown user namE | or baD | password |
52F | 1327 | ACCOUNT_RESTRICTION | Logon failure | user account restriction. PossiblE | reasons arE | blank passwords not allowed, logon hour restrictions, or A | policy restriction has been enforced |
530 | 1328 | INVALID_LOGON_HOURS | Logon failure | account logon timE | restriction violation |
531 | 1329 | INVALID_WORKSTATION | Logon failure | user not alloweD | to log on to this computer |
532 | 1330 | PASSWORD_EXPIRED | Logon failure | thE | specifieD | account passworD | has expired |
533 | 1331 | ACCOUNT_DISABLED | Logon failure | account currently disabled |
534 | 1332 | NONE_MAPPED | No mapping between account names anD | security IDs was done |
535 | 1333 | TOO_MANY_LUIDS_REQUESTED | Too many local user identifiers (LUIDs) werE | requesteD | at onE | time |
536 | 1334 | LUIDS_EXHAUSTED | No morE | local user identifiers (LUIDs) arE | available |
537 | 1335 | INVALID_SUB_AUTHORITY | ThE | subauthority part oF | A | security ID | is invaliD | for this particular use |
538 | 1336 | INVALID_ACL | ThE | access control list (ACL) structurE | is invalid |
539 | 1337 | INVALID_SID | ThE | security ID | structurE | is invalid |
53A | 1338 | INVALID_SECURITY_DESCR | ThE | security descriptor structurE | is invalid |
"Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password|https://support./SUPPORT/index?page=solution&id=SOL30430
LDAP error 0x35. Unwilling To Perform (0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x0000052D ERROR_PASSWORD_RESTRICTION "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." - this often happens when trying to enable a user who has an empty password
please see https://support./SUPPORT/index?page=solution&id=SOL30430
LDAP error 0x35. Unwilling To Perform (00002185: SvcErr: DSID-031B0E21, problem 5003 (WILL_NOT_PERFORM), data -1946157056)
0x00002183 ERROR_DS_MODIFYDN_DISALLOWED_BY_ INSTANCE_TYPE "Rename or move operations on naming context heads or read-only objects are not allowed"
LDAP error 0x35.Unwilling To Perform (00002145: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002145 ERROR_DS_GLOBAL_CANT_HAVE_UNIVERSAL_ MEMBER "A global group cannot have a universal group as a member" - could be caused by skipping grouptype attribute, this is not recommended, synchronized group scope should be same between source and target domains.
LDAP error 0x35. Unwilling To Perform (00002077: SvcErr: DSID-031903AF, problem 5003 (WILL_NOT_PERFORM), data 0).
0x00002077 ERROR_DS_ILLEGAL_MOD_OPERATION "Illegal modify operation. Some aspect of the modification is not permitted." - most often caused by DSA trying to modify msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership and msDS-Site-Affinity attributes, you can safely skip those
please see https://support./SUPPORT/index?page=solution&id=SOL15649
More Information#
There might be more information for this subject on one of the following:
...没有引用页面!
|